<?php
 

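/* Marker constant set before the includes are loaded.
   NOTE(review): presumably the include files test IN_SCRIPT to refuse direct access - confirm. */
define('IN_SCRIPT',1);

/* Get all the required files and functions */
require_once('hd_settings.inc.php');
/* The language name becomes part of an include path, so it must only ever come
   from configuration and never from request data.
   NOTE(review): $hd_settings is presumably filled by hd_settings.inc.php - confirm. */
require_once('language/'.$hd_settings['language'].'.inc.php');
require_once('inc/common.inc.php');
hd_session_start();
require_once('inc/database.inc.php');
hd_dbConnect() or hd_error("$hdlang[cant_connect_db] $hdlang[contact_webmsater] $hd_settings[webmaster_mail]!");

/* What should we do? */
/* A missing or empty "a" parameter falls back to the login form. The isset()
   guard avoids reading an undefined index when the page is opened without it. */
$action = isset($_REQUEST['a']) ? (string) hd_input($_REQUEST['a']) : '';
if (!$action) {
    $action = 'login';
}

/* Fixed allow-list of actions: the request value only selects a branch and is
   never used as a function name. */
if ($action === 'login') {
    print_login();
} elseif ($action === 'do_login') {
    do_login();
} elseif ($action === 'logout') {
    logout();
} else {
    hd_error($hdlang['invalid_action']);
}

/* Print footer */
require_once('inc/footer.inc.php');
exit();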

/*** START FUNCTIONS ***/

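/**
 * Handle the submitted login form (action "do_login").
 *
 * Looks the submitted user name up in `hd_users`, compares md5() of the
 * submitted password with the stored `pass` column and, only after a match,
 * copies the user row into $_SESSION, regenerates the session ID and
 * redirects to the requested page (default: admin_main.php).
 *
 * Reads $_POST['user'], $_POST['pass'] and $_REQUEST['goto'].
 * Never returns: every path ends in exit().
 */
function do_login() {
/* $hd_settings is needed for the webmaster address in the error message below;
   the original declared only $hdlang, so that address was always empty. */
global $hd_settings, $hdlang;

/* The original passed $hesklang[...] here, a variable that does not exist in
   this file, so the second argument was always null.
   NOTE(review): hd_input() is defined in an include; its second argument is
   presumably the message shown when the field is empty - confirm. */
$user=hd_input(isset($_POST['user']) ? $_POST['user'] : '', $hdlang['select_username']);
$pass=hd_input(isset($_POST['pass']) ? $_POST['pass'] : '', $hdlang['enter_pass']);

/* NOTE(review): the statement is built by string interpolation, so it is only
   as safe as the escaping hd_input() applies to $user. Confirm that hd_input()
   escapes quotes and backslashes for MySQL, or move the database layer to
   prepared statements. */
$sql = "SELECT * FROM `hd_users` WHERE `user`='$user' LIMIT 1";
$result = hd_dbQuery($sql);
if (!$result) {
    /* This page is reachable without authentication: keep the statement text
       and the driver error in the server log instead of the response. */
    error_log('do_login(): user lookup failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
    exit();
}
$row=hd_dbFetchAssoc($result);

/* Check password */
/* The row is checked BEFORE anything is written to the session, so a failed
   attempt never leaves account data behind. An unknown user and a wrong
   password give the same message, which avoids confirming valid user names.
   The comparison is strict: with != two different MD5 hex digests that both
   look like "0e<digits>" are compared as numbers and treated as equal.
   NOTE(review): stored hashes are plain md5() of the hd_input()-processed
   password; moving to password_hash()/password_verify() needs a data
   migration and cannot be done inside this function alone. */
$stored = (is_array($row) && isset($row['pass'])) ? (string) $row['pass'] : '';
$computed = md5($pass);
if ($stored === '') {
    $matches = false;
} elseif (function_exists('hash_equals')) {
    $matches = hash_equals($stored, $computed);
} else {
    $matches = ($stored === $computed);
}
if (!$matches) {
    hd_session_stop();
    hd_error($hdlang['wrong_pass']);
    /* Fail closed: do not depend on hd_error() ending the request. */
    exit();
}

/* Credentials verified: copy the user row into the session.
   NOTE(review): this copies every column, including the password hash.
   Other pages may read these keys, so the set is left unchanged here; check
   whether $_SESSION['pass'] is really needed after login. */
foreach ($row as $k=>$v) {
    $_SESSION[$k]=$v;
}

/* Regenerate session ID (security) */
hd_session_regenerate_id();

/* Get allowed residences */
if (empty($_SESSION['isadmin'])) {
    /* Drop the last character of the stored list (a trailing separator, judging
       by the explode() on ",") before splitting it into an array. */
    $list=substr($_SESSION['residences'], 0, -1);
    $_SESSION['residences']=explode(",",$list);
}

session_write_close();

/* Redirect. "goto" is request data, so it is accepted only when it is a plain
   same-site relative path: no scheme, no host, no leading "//" and no
   backslash in the path part. Anything else falls back to the default page
   instead of sending the browser to an address chosen by the requester. */
$target = 'admin_main.php';
$url = isset($_REQUEST['goto']) ? hd_input($_REQUEST['goto']) : '';
if ($url) {
    $url = str_replace('&amp;','&',$url);
    if (preg_match('#^/?[A-Za-z0-9_-][A-Za-z0-9_./-]*(\?[^\r\n"<>]*)?\z#', $url)) {
        $target = $url;
    }
}
Header('Location: '.$target);
exit();
} // End do_login()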


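/**
 * Print the login form (action "login").
 *
 * Emits the page header include, the breadcrumb, an optional "session
 * expired" notice when the request carries a non-empty "notice" parameter,
 * and the user/password form that posts back with a=do_login. A "goto"
 * request parameter is carried through as a hidden field so the redirect
 * after login can return to the requested page.
 *
 * NOTE(review): $hd_settings['site_url'] and ['site_title'] are printed
 * without HTML escaping; that is only safe while they are set by the
 * administrator in configuration - confirm.
 */
function print_login() {
global $hd_settings, $hdlang;
require_once('inc/header.inc.php');
?>
<p class="smaller"><a href="<?php echo $hd_settings['site_url']; ?>"
class="smaller"><?php echo $hd_settings['site_title']; ?></a> &gt;
<?php echo $hdlang['admin_login']; ?><br>&nbsp;</p>
</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>

<h3 align="center"><?php echo $hdlang['login']; ?></h3>

<?php
/* !empty() instead of a bare read: "notice" is normally absent. Only its
   presence is used, its value is never printed. */
if (!empty($_REQUEST['notice'])) {
echo '<p align="center" class="important">'.$hdlang['session_expired'].'</p>';
}
?>

<form action="admin.php" method="POST">

<div align="center">
<center>
<table border="0" cellspacing="1" cellpadding="5">
<tr>
<td align="right"><?php echo $hdlang['user']; ?>: </td>
<td> <input type="text" name="user"></td>
</tr>
<tr>
<td align="right"><?php echo $hdlang['pass']; ?>: </td>
<td><input type="password" name="pass"></td>
</tr>
</table>
</center>
</div>

<p align="center"><input type="hidden" name="a" value="do_login">
<?php
/* "goto" is request data written into a double-quoted attribute. It is emitted
   only when it is a plain same-site relative path whose query part holds no
   double quote or angle bracket, so the value cannot close the attribute
   whatever encoding hd_input() applies. Entities that hd_input() may already
   have produced (such as &amp;) pass through unchanged. */
$url = isset($_REQUEST['goto']) ? hd_input($_REQUEST['goto']) : '';
if ($url && preg_match('#^/?[A-Za-z0-9_-][A-Za-z0-9_./-]*(\?[^\r\n"<>]*)?\z#', $url)) {
echo '<input type="hidden" name="goto" value="'.$url.'">';
}
?>
<input type="submit" value="<?php echo $hdlang['login']; ?>" class="button"></p>

</form>
<?php
} // End print_login()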

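/**
 * End the current session and print the logout confirmation page
 * (action "logout").
 *
 * Calls hd_session_stop(), prints the header include, the confirmation
 * markup with a link back to admin.php and the footer include, then exits.
 *
 * NOTE(review): the action is selected from $_REQUEST['a'] with no token, so
 * a link on another site can log an administrator out; consider requiring
 * POST plus a per-session token.
 */
function logout() {
global $hd_settings, $hdlang;
/* Tear the session down before the header include produces output.
   hd_session_stop() is defined elsewhere; if it touches the session cookie or
   any other header it has to run before the first byte is sent. do_login()
   already renders an error page after hd_session_stop(), so output after the
   session is stopped is an existing pattern in this file. */
hd_session_stop();
require_once('inc/header.inc.php');
?>
<p class="smaller"><a href="<?php echo $hd_settings['site_url']; ?>"
class="smaller"><?php echo $hd_settings['site_title']; ?></a> &gt;
<?php echo $hdlang['logged_out']; ?><br>&nbsp;</p>
</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>
<h3 align="center"><?php echo $hdlang['logout']; ?></h3>
<p>&nbsp;</p>

<p align="center"><?php echo $hdlang['logout_success']; ?></p>
<p>&nbsp;</p>
<p align="center"><a href="admin.php"><?php echo $hdlang['click_login']; ?></a></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<?php
require_once('inc/footer.inc.php');
exit();
} // End logout()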

?>
